Apple has rushed out a Java for Mac update to fix multiple security vulnerabilities, including a critical flaw discussed three months ago at Summerc0n by researcher Dino Dai Zovi.
The Java for Mac update rolls up fixes for extremely critical security holes in Java 1.6.0_20. The most serious flaws allow an untrusted Java applet to execute arbitrary code outside the Java sandbox. These could be exploited to launch drive-by download attacks.
Apple also fixed two additional remote code execution issues, including one that was publicly released by Dai Zovi in June (see slides - PDF).
CVE-2010-1826 -- A command injection issue exists in updateSharingD's handling of Mach RPC messages. A local user may be able to execute arbitrary code with the privileges of another user who runs a Java application. This issue is addressed by implementing a per-user Java shared archive. It only affects the Mac OS X implementation.
A separate memory corruption issue in Java's handling of applet window bounds could also be exploited via web pages containing a maliciously crafted Java applet tag. This may lead to an unexpected application termination or arbitrary code execution with the privileges of the current user, Apple warned.
The Java for Mac updates are available for Mac OS X 10.5 and Mac OS X 10.6.